CVE-2025-25205: Express Url Regex Query Bypass
Matching `req.originalUrl` or `req.url` against a regular expression can lead to authentication bypasses or routing flaws. These request properties include the query string. If the regular expression is unanchored, an attacker can satisfy the match by injecting a specific substring into a query parameter (e.g., `?bypass=/api/public`). Evaluate route matches
greprules fetch cve-2025-25205-express-url-regex-query-bypass --engine opengrepDescription
Matching `req.originalUrl` or `req.url` against a regular expression can lead to authentication bypasses or routing flaws. These request properties include the query string. If the regular expression is unanchored, an attacker can satisfy the match by injecting a specific substring into a query parameter (e.g., `?bypass=/api/public`). Evaluate route matches
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided
Community feedback
Sign in to report false positives, mark this rule useful, or suggest metadata improvements.